From dbf780a48ae10747973b94d16beb665bf7c95e57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stanislav=20L=C3=A1zni=C4=8Dka?= Date: Fri, 7 Mar 2025 17:33:51 +0100 Subject: [PATCH] authn-trust: don't react to target CM updates If kube-apiservers run at a different version (during upgrades) and each has different opinion on what the `extension-apiserver-authentication` config map should look like, they would start dueling with config map writes. This commit removes handling of the update events of the target CM in order to reduce the amount of such dueling to once a minute, as the controller is guaranteed to run at least once a minute anyway. The idea is that a cluster state with two different versions of kube-apiserver should never be permanent, and so a reduced amount of dueling for that period is tolerable. --- .../cluster_authentication_trust_controller.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/pkg/controlplane/controller/clusterauthenticationtrust/cluster_authentication_trust_controller.go b/pkg/controlplane/controller/clusterauthenticationtrust/cluster_authentication_trust_controller.go index 3c86b026f59..10d45d80e53 100644 --- a/pkg/controlplane/controller/clusterauthenticationtrust/cluster_authentication_trust_controller.go +++ b/pkg/controlplane/controller/clusterauthenticationtrust/cluster_authentication_trust_controller.go @@ -128,9 +128,6 @@ func NewClusterAuthenticationTrustController(requiredAuthenticationData ClusterA AddFunc: func(obj interface{}) { c.queue.Add(keyFn()) }, - UpdateFunc: func(oldObj, newObj interface{}) { - c.queue.Add(keyFn()) - }, DeleteFunc: func(obj interface{}) { c.queue.Add(keyFn()) },